Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

vibeeval/dependency-analysis-patterns

Name: dependency-analysis-patterns
Author: vibeeval

skills/dependency-analysis-patterns/SKILL.md

npx skillsauth add vibeeval/vibecosystem dependency-analysis-patterns

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Dependency Analysis Patterns

Dependency Graph Visualization

# npm
npx depcruise --output-type dot src/ | dot -T svg > deps.svg

# Python
pipdeptree --graph-output svg > deps.svg

# Go
go mod graph | modgraphviz | dot -T svg > deps.svg

Circular Dependency Detection

# JavaScript/TypeScript
npx madge --circular src/
npx dpdm --circular src/index.ts

# Python
pydeps --cluster --no-show src/

Fix Strategies

| Circular Tip | Çözüm | |-------------|-------| | A → B → A | Interface/port ile inversion | | A → B → C → A | Shared module extract et | | Barrel file circular | Direct import kullan |

CVE Scanning

# npm
npm audit --json | jq '.vulnerabilities | to_entries[] | select(.value.severity == "critical")'

# pip
pip-audit --format json --desc

# Go
govulncheck ./...

# Multi-tool
trivy fs --severity CRITICAL,HIGH .

CVE Prioritization

| CVSS | Severity | Aksiyon | SLA | |------|----------|---------|-----| | 9.0+ | Critical | Hotfix | 24h | | 7.0-8.9 | High | Sprint fix | 1 hafta | | 4.0-6.9 | Medium | Backlog | 1 ay | | <4.0 | Low | Track | Fırsatçı |

License Compliance

# npm
npx license-checker --production --json --failOn "GPL-3.0;AGPL-3.0"

# Python
pip-licenses --format=json --fail-on="GPL-3.0"

| License | Commercial OK | Copyleft | Risk | |---------|-------------|----------|------| | MIT | Evet | Hayır | Düşük | | Apache-2.0 | Evet | Hayır | Düşük | | BSD-3 | Evet | Hayır | Düşük | | MPL-2.0 | Evet | Kısmi | Orta | | LGPL | Dikkat | Kısmi | Orta | | GPL-3.0 | Dikkat | Evet | Yüksek | | AGPL-3.0 | Dikkat | Evet | Çok yüksek |

Update Impact Analysis

# npm - outdated
npm outdated --json

# Semver risk
# patch (0.0.x) → güvenli
# minor (0.x.0) → genelde güvenli
# major (x.0.0) → breaking change riski

# Test after update
npm update <pkg> && npm test

Checklist

[ ] npm audit / pip-audit temiz (critical/high yok)
[ ] License audit pass (GPL yok)
[ ] Circular dependency yok
[ ] Lockfile committed ve güncel
[ ] Unused dependency yok (depcheck)
[ ] Renovate/Dependabot aktif
[ ] Major version behind ≤1

Anti-Patterns

Audit warning'leri ignore etmek
Lockfile commit etmemek
Pinned version kullanmamak (^, ~)
License check'siz production dependency
Dependency update'siz 6+ ay

vibeeval/dependency-analysis-patterns

skills/dependency-analysis-patterns/SKILL.md

Dependency graph visualization, circular dependency detection, CVE scanning, and license compliance

465 stars

testing

Updated Apr 16, 2026

$ install --global

skillsauth

npx skillsauth add vibeeval/vibecosystem dependency-analysis-patterns

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 16, 2026, 1:49 AM9.1s1 file scanned

SKILL.md

name:: dependency-analysis-patterns
description:: Dependency graph visualization, circular dependency detection, CVE scanning, and license compliance

Dependency Analysis Patterns

Dependency Graph Visualization

# npm
npx depcruise --output-type dot src/ | dot -T svg > deps.svg

# Python
pipdeptree --graph-output svg > deps.svg

# Go
go mod graph | modgraphviz | dot -T svg > deps.svg

Circular Dependency Detection

# JavaScript/TypeScript
npx madge --circular src/
npx dpdm --circular src/index.ts

# Python
pydeps --cluster --no-show src/

Fix Strategies

| Circular Tip | Çözüm | |-------------|-------| | A → B → A | Interface/port ile inversion | | A → B → C → A | Shared module extract et | | Barrel file circular | Direct import kullan |

CVE Scanning

# npm
npm audit --json | jq '.vulnerabilities | to_entries[] | select(.value.severity == "critical")'

# pip
pip-audit --format json --desc

# Go
govulncheck ./...

# Multi-tool
trivy fs --severity CRITICAL,HIGH .

CVE Prioritization

License Compliance

# npm
npx license-checker --production --json --failOn "GPL-3.0;AGPL-3.0"

# Python
pip-licenses --format=json --fail-on="GPL-3.0"

Update Impact Analysis

# npm - outdated
npm outdated --json

# Semver risk
# patch (0.0.x) → güvenli
# minor (0.x.0) → genelde güvenli
# major (x.0.0) → breaking change riski

# Test after update
npm update <pkg> && npm test

Checklist

[ ] npm audit / pip-audit temiz (critical/high yok)
[ ] License audit pass (GPL yok)
[ ] Circular dependency yok
[ ] Lockfile committed ve güncel
[ ] Unused dependency yok (depcheck)
[ ] Renovate/Dependabot aktif
[ ] Major version behind ≤1

Anti-Patterns

Audit warning'leri ignore etmek
Lockfile commit etmemek
Pinned version kullanmamak (^, ~)
License check'siz production dependency
Dependency update'siz 6+ ay

Related Skills

vibeeval/workflow-router

development

VerifiedTrustedCommunity

Goal-based workflow orchestration - routes tasks to specialist agents based on user goals

500SKILL.mdUpdated Jun 11, 2026

vibeeval/workflow-router

vibeeval/wiring

tools

VerifiedTrustedCommunity

Wiring Verification

500SKILL.mdUpdated Jun 11, 2026

vibeeval/websocket-patterns

development

VerifiedTrustedCommunity

Connection management, room patterns, reconnection strategies, message buffering, and binary protocol design.

500SKILL.mdUpdated Jun 11, 2026

vibeeval/websocket-patterns

vibeeval/vp-engineering

testing

VerifiedTrustedCommunity

VP Engineering perspective - org design (team topologies), process improvement, cross-team dependencies, engineering culture, OKRs, incident management maturity, platform strategy, DX optimization, release management at scale

500SKILL.mdUpdated Jun 11, 2026

vibeeval/vp-engineering

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/vibeeval/vibecosystem.git

# Copy into Claude Code skills folder (global)
cp -r vibecosystem/skills/dependency-analysis-patterns ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

vibeeval/vibecosystem

465 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT